[libvirt] unable to set security context (NFSv4 problem?)
Spencer Shimko
spencer at beyondabstraction.net
Wed Apr 21 18:24:18 UTC 2010
Harald Dunkel wrote:
> Hi Spencer,
>
> I could reproduce the EINVAL on the command line:
>
> srvl022:/storage# touch /storage/x
> srvl022:/storage# chown 110:140 /storage/x
> chown: changing ownership of `/storage/x': Invalid argument
>
> 110 and 140 are not valid UIDs and GIDs on the NFS
> server. They are defined in the local passwd/group files
> on the libvirt server only. After defining the user and
> group on the NFS server the error message is gone.
>
> Obviously NFSv4 is a little bit picky about remote root
> users trying to change the ownership of files. This seems
> to break qemuSecurityDACSetOwnership() in qemu_security_dac.c,
> giving me the "unable to set security context" message.
>
> Do you think it would be possible to introduce a configure
> option '--with-dac=no'?

I think that would be a little misleading ;) It sounds like part of the
problem was that the error message wasn't clearly conveying the reason
for the problem. It wasn't an SELinux security context that was causing
issues, it was DAC user/group. I just submitted a patch to clarify the
error message to reference user/group instead of "security context."

--Spencer
>
>
> Regards
>
> Harri
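
The failure discussed in this thread, as an added example (not libvirt code and not the patch Spencer mentions): a chown() wrapper that reports a DAC ownership failure in terms of user/group and keeps the errno that identifies the cause. The function name set_dac_ownership, the message wording and the hint strings are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: change ownership of `path` and, on failure, fill
 * `msg` with text that names the user/group instead of a generic
 * "security context". Returns 0 on success, otherwise the errno value. */
int set_dac_ownership(const char *path, uid_t uid, gid_t gid,
                      char *msg, size_t msglen)
{
    if (chown(path, uid, gid) == 0) {
        if (msglen > 0)
            msg[0] = '\0';
        return 0;
    }

    int err = errno;            /* save before any other libc call */
    const char *hint = "";

    if (err == EINVAL)
        /* The thread saw EINVAL when 110:140 was not defined on the
         * NFSv4 server, only in the client's local passwd/group files. */
        hint = " (on NFSv4, check that this uid/gid is defined on the server)";
    else if (err == EPERM)
        hint = " (caller is not permitted to change ownership)";

    snprintf(msg, msglen,
             "unable to set user and group to '%ld:%ld' on '%s': %s%s",
             (long)uid, (long)gid, path, strerror(err), hint);
    return err;
}

int main(void)
{
    char msg[256];

    /* Constructed input: a path that does not exist, with the IDs
     * from the thread, to show the shape of the error message. */
    if (set_dac_ownership("/nonexistent-constructed/x", 110, 140,
                          msg, sizeof msg) != 0)
        fprintf(stderr, "%s\n", msg);
    return 0;
}
```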